46 matches found
CVE-2024-34515
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...
Linux Distros Unpatched Vulnerability : CVE-2023-33568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects,...
DEBIAN-CVE-2024-45339
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...
Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal", 'Description' = %q This module exploits a directory...
CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
Huawei EulerOS: Security Advisory for lxc (EulerOS-SA-2023-1763)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : lxc (EulerOS-SA-2023-1532)
According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
Title: Wordpress Plugin tutor.1.5.3 - Local File Inclusion Author: mehran feizi Category: webapps Date: 2020-02-12 vendor home page: https://wordpress.org/plugins/tutor/ =================================================================== Vulnerable page: /instructors.php...
PT-2019-12993 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.109 Description: The issue allows remote command execution by a super administrator due to the use of the PHP file_exists function with user-controlled entries. Specifically, phar:// URLs can trigger deserialization, leading ...
UBUNTU-CVE-2018-19274
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...
Tiki Wiki CMS 15.0 - Arbitrary File Download
Exploit for php platform in category web applications Exploit Title: Tiki Wiki CMS 15.0 Arbitrary File Download Date: 11-07-2016 Software Link: https://tiki.org Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1...
IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the...
doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability
No description provided by source. DOOP CMS <= 1.3.7 Local File Inclusion | vuln path: ?page=/../../../../../../../etc/passwd%00 | dork: Doop CMS | dork2: powered by Doop CMS | work only if magic_quotes_gpc are set to OFF | vuln code: line 544: if !isset$REQUEST'page...
php: paths with NULL character were considered valid
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function...
Ruubik CMS 1.1.0 Local File Inclusion
Exploit Title: Ruubikcms v 1.1.0 /extra/image.php Local File Inclusion Vulnerability Date: 2011/10/16 Author: Sangyun YOO Software Link: http://ruubikcms.com/ruubikcms/download.php?f=ruubikcms110.zip Version: Ruubikcms v 1.1.0 Tested on: Windows 7 Starter K ---------------------------------------...
Joomla Component mod_spo SQL Injection Vulnerability
No description provided by source. Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x Tested on: Backtrack...
162100 Site Navigation 1.9 local file inclusion vulnerability-vulnerability warning-the black bar safety net
Breaking app breaking vulnerability, but in order to encourage everyone to learn, or sent to. Reject malicious destruction! Program official: http://download.162100.com admin directory run.php the file part of the code is as follows: I find the Upload Directory editor/index.html Use the upload...
Storyteller CMS - var Local File Inclusion
Storyteller CMS - var Local File Inclusion == Title: Storyteller CMS var Local File Include Vuln Version: n/a Link: http://www.esselbach.com/freeware.php?id=2 == Author: BorN To K!LL - h4ck3r Contact: [email protected] == Vuln code: in GetTemplate function , line 113 to 127 function GetTemplate$v...
Wind crossing technology ASP online shopping system 0905-1 injection vulnerability-vulnerability warning-the black bar safety net
Wind crossing technology ASP online shopping system 0905-1 Multi-file exists injection vulnerability Relates to document: proshow.asp, new.asp and the like...
Chaton 1.5.2 - Local File Inclusion
Chaton 1.5.2 - Local File Inclusion + Chaton = 1.5.2 Local File Include Vulnerability + Discovered By: cr4wl3r + Download: http://easy-script.com/scripts-dl/chaton-1.5.2.zip + Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck3n91n3, xharu, zvtral, and all my friend...